LNK File with both local and network paths

Can you post the fields of one as an example?

On NTFS when a file is opened and a Link File is created, two FileLocations are embedded at the end of the Link File. The last four bytes of the Link File are zero and the 64 preceding bytes contain two FileLocations. The two are the same unless a file has been moved between two NTFS volumes.

Here is an image but keep in mind that local and network paths in one LNK file are present on more than just dropbox lnk files.

From what I understand
Local Path - The location of the lnk file
Relative Path - The path to the actual file the lnk points to
Is the network path the same as the relative path?

That is incorrect. The local path does not point to the LNK file. This is internal metadata within the LNK file.

Local path points to a files location on the local drive. The network path points to a files location in a network location.

Is the first part of the "Network path" the same as the "NetBios name"? ?

jaclaz

Is the first part of the "Network path" the same as the "NetBios name"? ?

jaclaz

That's what it looks like ..

I would use a lnk file parser to get more info (eg http//www.sno.phy.queensu.ca/~phil/exiftool/)

oops I meant
Local Path - The location of the file
Relative Path - The full path to the actual file the lnk points to

Is the first part of the "Network path" the same as the "NetBios name"? ?

jaclaz

Yes, they are the same name.

BTW, the 'volume serial' can also help you identify the drive (if you have access to it) where the shortcut points to.

For example, I opened a lnk file from my desktop

which points to a file located at 'C\Users' but the actual file (and C\Users directory) was on a disk image I had mounted some time ago. The volume serial is of the actual disk imaged and not from my local machine.

Maby it's an artifact from its earlier location that did not get updated, one way or the other.